CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2014-3433
https://notcve.org/view.php?id=CVE-2014-3433
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue. Vulnerabilidad de XSS en la consola de gestión en Symantec Data Insight 3.x y 4.x anterior a 4.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un campo de formulario no especificado, relacionado con un problema de 'inyección de secuencias de comandos HTML'. • http://www.securityfocus.com/bid/68161 http://www.securitytracker.com/id/1030472 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 71%CPEs: 3EXPL: 0CVE-2014-3432
https://notcve.org/view.php?id=CVE-2014-3432
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. Vulnerabilidad de XSS en la consola de gestión en Symantec Data Insight 3.x y 4.x anterior a 4.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un campo de formulario no especificado. • http://secunia.com/advisories/59538 http://secunia.com/advisories/59561 http://www.securityfocus.com/bid/68160 http://www.securitytracker.com/id/1030472 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •